Android device enrolment issue - MDM app is not being installed during the sign-in process
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2024 07:30 AM
Hello,
We are experiencing a new issue with our Android device enrolments where the MDM app is not being installed during the sign-in process. App is configured in Android Management between our CyberArk tenant and Google domain, and user accounts are configured to do set-up for device owner enrolment.
Previous device enrolments are still working as expected, and we first noticed this issue on 13-11-2023. No changes have been made to either the CyberArk configuration/device policy or to Google Admin.
This issue is affecting all new Android device enrolments, even across Android versions (Android 10-14 affected).
Would you please able to assist to fix this issue?
Error Log:
11-24 14:35:49.411 3842 4105 I Auth : (REDACTED) [BroadcastManager] [BroadcastManager] Broadcasting bad device management=%s
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Error when fetching package info [CONTEXT service_id=343 ]
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):190)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):39)
11-24 14:35:49.414 3842 4105 I Auth : at sbq.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):221)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.p(:com.google.android.gms@234414022@23.44.14 (100400-580326705):34)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.q(:com.google.android.gms@234414022@23.44.14 (100400-580326705):8)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.m(:com.google.android.gms@234414022@23.44.14 (100400-580326705):11)
11-24 14:35:49.414 3842 4105 I Auth : at sss.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):610)
11-24 14:35:49.414 3842 4105 I Auth : at ssy.b(:com.google.android.gms@234414022@23.44.14 (100400-580326705):94)
11-24 14:35:49.414 3842 4105 I Auth : at ssv.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):642)
11-24 14:35:49.414 3842 4105 I Auth : at slx.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):3)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.n(:com.google.android.gms@234414022@23.44.14 (100400-580326705):284)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):1087)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):2)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.fe(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at mzt.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):117)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at bdrr.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):10)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at awwb.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransactInternal(Binder.java:1056)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransact(Binder.java:1029)
11-24 14:35:49.414 3842 4105 I Auth : Caused by: android.content.pm.PackageManager$NameNotFoundException: com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:275)
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:244)
11-24 14:35:49.414 3842 4105 I Auth : at akut.e(:com.google.android.gms@234414022@23.44.14 (100400-580326705):7)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):16)
11-24 14:35:49.414 3842 4105 I Auth : ... 20 more
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequired
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2024 08:04 AM
Hi @mdas86,
Quick update for you—I'm collaborating with other teams to find the answer to your question. I anticipate having more information in the next few days. Additionally, I've sent you a DM in case you have any further questions in the meantime.
Thanks, Reece
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2024 03:50 AM
@mdas86 the invalid package signature is a weird error. How do you enroll your devices? If by QR Code have you modified the QR Code somehow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2024 07:20 AM
Hi @jeremy ,
We are using the following device set-up method as per the documentation "Setup devices using managed Google accounts"
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
Suddenly we saw the issue for new enrollment devices, existing enrolled devices are working fine. No changes to existing policies/configuration.
Looking forward your help, thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2024 04:12 AM
Hi @mdas86
How are you?
I have done some research into your question -
Are you receiving specific prompts when the MDM app fails to install? Is the issue with MDM app installation occurring on all devices?
One possibility is that Cyberark has undergone a password rotation, possibly due to an auto annual rotation. It might be helpful to verify the password values assigned to the Android Management account within Cyberark to ensure they match the intended password.
Additionally, it's worth checking within the Google Admin directory or identity services to confirm if the account used to set up the owner enrollment is active and free from any flags or token issues.
To troubleshoot, you could create a local account in your MDM and utilize those credentials to temporarily enroll a device. This test would help determine if the issue persists with a different set of credentials.
I hope the above helps, if you have solved the issue please let us know 😊
Reece.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2024 09:36 PM - edited 02-12-2024 09:51 PM
Hi @ReeceK ,
Thanks for the update!
Are you receiving specific prompts when the MDM app fails to install? - No,
Its completing the device set-up without downloading the MDM app and after this when I tried to open Play Store app, its not connecting (account sync is not happening). Actually it should connect to see all managed apps (https://play.google.com/work/apps)
if I connect(using my test account) to https://play.google.com/work/apps in chrome browser, I could able to connect and see all managed apps without any issue.
Is the issue with MDM app installation occurring on all devices? - Yes
create a local account in your MDM - I have created test account in Google Admin with third-party integration with Android EMM, unfortunately same issue is happening
FYI - These steps have been used to download MDM app
Company-owned device
If you have a new or factory-reset device, add your managed Google account during device setup:
- Turn on your device.
- Follow the on-screen steps until you're prompted to enter a Google Account.
- Enter your managed Google account and password.
- Follow the on-screen steps until setup is complete.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-13-2024 01:21 AM
Hi @mdas86
Thanks for getting back to me.
I am going to go back to my colleagues and get more answers for you, the problem sounds like it might lie with the MDM app installation process or perhaps with the permissions/authentication during the installation.
Whilst I await a response on my end, have you reached out to your internal support channels of the MDM provider to investigate this matter further?.
Additionally, have you double-checked the permissions and configurations within your Google Admin console and Android EMM settings related to app installations and device management could also be beneficial in troubleshooting this issue?.
Just want to make sure that this has been looked into internally on your end, as well as here in the community.
Thanks again @mdas86
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2024 02:09 AM
Hi @mdas86
I've had a chat with my colleague, and here's the feedback regarding your question:
It's intriguing that there are no error messages when the MDM app fails to install.
It seems like more of a DPC issue if the problem persists even after trying with a local test account. Have you contacted your EMM about this? What have they discovered so far? Also, have they supplied the latest patch for the DPC app? If they have, it's advisable to utilize the most recent version in this case.
Hope this information proves useful,
Reece
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2024 06:20 AM
Hi @ReeceK ,
Thank you for all details, Its definitely help to troubleshoot the issue.
I am in contact with our IT support team to check with EMM set-up with Google. Also verifying the configuration in Google Admin console using test account. We didn't find any resolution till now.
It seems like more of a DPC issue - need to investigate and understand how this is related with authentication failure.
Thank you!
Manas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2024 07:39 AM
Hey @mdas86
Exciting to hear things are moving forward!
When you do hear something back, could you provide me with an update on the situation and share any feedback you've received?
And of course, if you need further assistance, feel free to reach out.
Thanks, Reece
- DPC Extras true/false entries not taken effect in Admin discussions
- Taming the tech jargon: your guide to enterprise mobility acronyms in Admin resources
- Android device enrolment issue - MDM app is not being installed during the sign-in process in Admin discussions
- Getting started with zero-touch in Admin resources